==Phrack Inc.==
Volume Four, Issue Forty, File 14 of 14
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN                                             PWN
PWN              Phrack World News              PWN
PWN                                             PWN
PWN           Issue 40 / Part 3 of 3            PWN
PWN                                             PWN
PWN        Compiled by Datastream Cowboy        PWN
PWN                                             PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Bellcore Threatens 2600 Magazine With Legal Action                July 15, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
THE FOLLOWING CERTIFIED LETTER HAS BEEN RECEIVED BY 2600 MAGAZINE. WE WELCOME
ANY COMMENTS AND/OR INTERPRETATIONS.
Leonard Charles Suchyta
General Attorney
Intellectual Property Matters
Emanuel [sic] Golstein [sic], Editor
2600 Magazine
P.O. Box 752
Middle Island, New York 11953-0752
Dear Mr. Golstein:
It has come to our attention that you have somehow obtained and published in
the 1991-1992 Winter edition of 2600 Magazine portions of certain Bellcore
proprietary internal documents.
This letter is to formally advise you that, if at any time in the future you
(or your magazine) come into possession of, publish, or otherwise disclose any
Bellcore information or documentation which either (i) you have any reason to
believe is proprietary to Bellcore or has not been made publicly available by
Bellcore or (ii) is marked "proprietary," "confidential," "restricted," or with
any other legend denoting Bellcore's proprietary interest therein, Bellcore
will vigorously pursue all legal remedies available to it including, but not
limited to, injunctive relief and monetary damages, against you, your magazine,
and its sources.
We trust that you fully understand Bellcore's position on this matter.
Sincerely,
LCS/sms
LCS/CORR/JUN92/golstein.619
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Emmanuel Goldstein Responds
~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following reply has been sent to Bellcore. Since we believe they have
received it by now, we are making it public.
Emmanuel Goldstein
Editor, 2600 Magazine
PO Box 752
Middle Island, NY 11953
July 20, 1992
Leonard Charles Suchyta
LCC 2E-311
290 W. Mt. Pleasant Avenue
Livingston, NJ 07039
Dear Mr. Suchyta:
We are sorry that the information published in the Winter 1991-92 issue of 2600
disturbs you. Since you do not specify which article you take exception to, we
must assume that you're referring to our revelation of built-in privacy holes
in the telephone infrastructure which appeared on Page 42. In that piece, we
quoted from an internal Bellcore memo as well as Bell Operating Company
documents. This is not the first time we have done this. It will not be the
last.
We recognize that it must be troubling to you when a journal like ours
publishes potentially embarrassing information of the sort described above.
But as journalists, we have a certain obligation that cannot be cast aside
every time a large and powerful entity gets annoyed. That obligation compels
us to report the facts as we know them to our readers, who have a keen interest
in this subject matter. If, as is often the case, documents, memoranda, and/or
bits of information in other forms are leaked to us, we have every right to
report on the contents therein. If you find fault with this logic, your
argument lies not with us, but with the general concept of a free press.
And, as a lawyer specializing in intellectual property law, you know that you
cannot in good faith claim that merely stamping "proprietary" or "secret" on a
document establishes that document as a trade secret or as proprietary
information. In the absence of a specific explanation to the contrary, we must
assume that information about the publicly supported telephone system and
infrastructure is of public importance, and that Bellcore will have difficulty
establishing in court that any information in our magazine can benefit
Bellcore's competitors, if indeed Bellcore has any competitors.
If in fact you choose to challenge our First Amendment rights to disseminate
important information about the telephone infrastructure, we will be compelled
to respond by seeking all legal remedies against you, which may include
sanctions provided for in Federal and state statutes and rules of civil
procedure. We will also be compelled to publicize your use of lawsuits and the
threat of legal action to harass and intimidate.
Sincerely,
Emmanuel Goldstein
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Exposed Hole In Telephone Network Draws Ire Of Bellcore           July 24, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Taken from Communications Daily (Page 5)
Anyone Can Wiretap Your Phone
Major security hole in telephone network creates "self-serve" monitoring
feature allowing anyone to listen in on any telephone conversation they choose.
Weakness involves feature called Busy Line Verification (BLV), which allows
phone companies to "break into" conversation at any time. BLV is used most
often by operators entering conversation to inform callers of emergency
message. But BLV feature can be used by anyone with knowledge of network's
weakness to set up ad hoc 'wiretap' and monitor conversations, said Emmanuel
Goldstein, editor of 2600 Magazine, which published article in its Winter 1991
issue.
2600 Magazine is noted for finding and exposing weaknesses of
telecommunications. It's named for frequency of whistle, at one time given
away with Cap'n Crunch cereal, which one notorious hacker discovered could,
when blown into telephone receiver, allow access to open 800 line. Phone
companies have since solved that problem.
Security risks are outlined in article titled "U.S. Phone Companies Face Built-
In Privacy Hole" that quotes from internal Bellcore memo and Bell Operating Co.
documents: "'A significant and sophisticated vulnerability' exists that could
affect the security and privacy of BLV." Article details how, after following 4
steps, any line is susceptible to secret monitoring. One document obtained by
2600 said: "There is no proof the hacker community knows about the
vulnerability."
When Bellcore learned of article, it sent magazine harsh letter threatening
legal action. Letter said that if at any time in future magazine "comes into
possession of, publishes, or otherwise discloses any Bellcore information"
organization will "vigorously pursue all legal remedies available to it
including, but not limited to, injunctive and monetary damages." Leonard
Suchyta, Bellcore General Attorney for Intellectual Property Matters, said
documents in magazine's possession "are proprietary" and constitute "a trade
secret" belonging to Bellcore and its members -- RBOCs. He said documents are
"marked with 'Proprietary' legend" and "the law says you can't ignore this
legend, its [Bellcore's] property." Suchyta said Bellcore waited so long to
respond to publication because "I think the article, as we are not subscribers,
was brought to our attention by a 3rd party." He said this is first time he
was aware that magazine had published such Bellcore information.
But Goldstein said in reply letter to Bellcore: "This is not the first time we
have done this. It will not be the last." He said he thinks Bellcore is
trying to intimidate him, "but they've come up against the wrong publication
this time." Goldstein insisted that documents were leaked to his magazine:
"While we don't spread the documents around, we will report on what's contained
within." Suchyta said magazine is obligated to abide by legend stamped on
documents. He said case law shows that the right to publish information hinges
on whether it "has been lawfully acquired. If it has a legend on it, it's sort
of hard to say it's lawfully acquired."
Goldstein said he was just making public what already was known: There's known
privacy risk because of BLV weakness: "If we find something out, our first
instinct is to tell people about it. We don't keep things secret." He said
information about security weaknesses in phone network "concerns everybody."
Just because Bellcore doesn't want everyone to know about its shortcomings and
those of telephone network is hardly reason to stifle that information,
Goldstein said. "Everybody should know if their phone calls can be listened in
on."
Suchyta said that to be considered "valuable," information "need not be of
super, super value," like proprietary software program "where you spent
millions of dollars" to develop it. He said information "could well be your
own information that would give somebody an advantage or give them some added
value they wouldn't otherwise have had if they had not taken it from you."
Goldstein said he was "sympathetic" to Bellcore's concerns but "fact is, even
when such weaknesses are exposed, [phone companies] don't do anything about
them." He cited recent indictments in New York where computer hackers were
manipulating telephone, exploiting weaknesses his magazine had profiled long
ago. "Is there any security at all [on the network]?" he said. "That's the
question we have to ask ourselves."
Letter from Bellcore drew burst of responses from computer community when
Goldstein posted it to electronic computer conference. Lawyers specializing in
computer law responded, weighing in on side of magazine. Attorney Lance Rose
said: "There is no free-floating 'secrecy' right . . . Even if a document says
'confidential' that does not mean it was disclosed to you with an understanding
of confidentiality -- which is the all-important question." Michael Godwin,
general counsel for Electronic Frontier Foundation, advocacy group for the
computer community, said: "Trade secrets can qualify as property, but only if
they're truly trade secrets. Proprietary information can (sort of) qualify as
property if there's a breach of a fiduciary duty." Both lawyers agreed that
magazine was well within its rights in publishing information. "If Emmanuel
did not participate in any way in encouraging or aiding in the removal of the
document from Bellcore . . . that suggests he wouldn't be liable," Godwin said.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Bellcore And 2600 Dispute Publishing Of Article                   July 27, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Barbara E. McMullen & John F. McMullen (Newsbytes)
MIDDLE ISLAND, NY -- Eric Corley a/k/a "Emmanuel Goldstein", editor and
publisher of 2600 Magazine: The Hacker Quarterly, has told Newsbytes that he
will not be deterred by threats from Bellcore from publishing material which he
considers important for his readership.
Earlier this month, Corley received a letter (addressed to "Emanuel Golstein")
from Leonard Charles Suchyta, General Attorney, Intellectual Property Matters
at Bellcore taking issue with the publication by 2600 of material that Suchyta
referred to as "portions of certain Bellcore proprietary internal documents."
The letter continued "This letter is to formally advise you that, if at any
time in the future you (or your magazine) come into possession of, publish, or
otherwise disclose any Bellcore information or documentation which either (i)
you have any reason to believe is proprietary to Bellcore or has not been made
publicly available by Bellcore or (ii) is marked "proprietary," "confidential,"
"restricted," or with any other legend denoting Bellcore's proprietary interest
therein, Bellcore will vigorously pursue all legal remedies available to it
including, but not limited to, injunctive relief and monetary damages, against
you, your magazine, and its sources."
While the letter did not mention any specific material published by 2600,
Corley told Newsbytes that he believes that Suchyta's letter refers to an
article entitled "U.S. Phone Companies Face Built-In Privacy Hole" that appears
on page 42 of the Winter 1991 issue. Corley said "What we published was
derived from a 1991 internal Bellcore memo as well as Bell Operating Company
documents that were leaked to us. We did not publish the documents. However,
we did read what was sent to us and wrote an article based upon that. The
story focuses on how the phone companies are in an uproar over a 'significant
and sophisticated vulnerability' that could result in BLV (busy line
verification) being used to listen in on phone calls."
The 650-word article said, in part, "By exploiting a weakness, it's possible
to remotely listen in on phone conversations at a selected telephone number.
While the phone companies can do this any time they want, this recently
discovered self-serve monitoring feature has created a telco crisis of sorts."
The article further explained how people might exploit the security hole,
saying "The intruder can listen in on phone calls by following these four
steps:
"1. Query the switch to determine the Routing Class Code assigned to the BLV
trunk group.
"2. Find a vacant telephone number served by that switch.
"3. Via recent change, assign the Routing Class Code of the BLV trunks to the
Chart Column value of the DN (directory number) of the vacant telephone
number.
"4. Add call forwarding to the vacant telephone number (Remote Call Forwarding
would allow remote definition of the target telephone number while Call
Forwarding Fixed would only allow the specification of one target per
recent change message or vacant line)."
"By calling the vacant phone number, the intruder would get routed to the BLV
trunk group and would then be connected on a "no-test vertical" to the target
phone line in a bridged connection."
The article added "According to one of the documents, there is no proof that
the hacker community knows about the vulnerability. The authors did express
great concern over the publication of an article entitled 'Central Office
Operations - The End Office Environment' which appeared in the electronic
newsletter Legion of Doom/Hackers Technical Journal. In this article,
reference is made to the 'No Test Trunk'."
The article concludes "even if hackers are denied access to this "feature",
BLV networks will still have the capability of being used to monitor phone
lines. Who will be monitored and who will be listening are two forever
unanswered questions."
Corley responded to Suchyta's letter on July 20th, saying "I assume that
you're referring to our revelation of built-in privacy holes in the telephone
infrastructure which appeared on Page 42. In that piece, we quoted from an
internal Bellcore memo as well as Bell Operating Company documents. This is
not the first time we have done this. It will not be the last.
"We recognize that it must be troubling to you when a journal like ours
publishes potentially embarrassing information of the sort described above.
But as journalists, we have a certain obligation that cannot be cast aside
every time a large and powerful entity gets annoyed. That obligation compels
us to report the facts as we know them to our readers, who have a keen interest
in this subject matter. If, as is often the case, documents, memoranda, and/or
bits of information in other forms are leaked to us, we have every right to
report on the contents therein. If you find fault with this logic, your
argument lies not with us, but with the general concept of a free press.
"And, as a lawyer specializing in intellectual property law, you know that
you cannot in good faith claim that merely stamping "proprietary" or "secret"
on a document establishes that document as a trade secret or as proprietary
information. In the absence of a specific explanation to the contrary, we must
assume that information about the publicly supported telephone system and
infrastructure is of public importance, and that Bellcore will have difficulty
establishing in court that any information in our magazine can benefit
Bellcore's competitors, if indeed Bellcore has any competitors.
"If in fact you choose to challenge our First Amendment rights to disseminate
important information about the telephone infrastructure, we will be compelled
to respond by seeking all legal remedies against you, which may include
sanctions provided for in Federal and state statutes and rules of civil
procedure. We will also be compelled to publicize your use of lawsuits and the
threat of legal action to harass and intimidate.
Sincerely,
Emmanuel Goldstein"
Corley told Newsbytes "Bellcore would never have attempted this with the New
York Times. They think that it would, however, be easy to shut us up by simple
threats because of our size. They are wrong. We are responsible journalists;
we know the rules and we abide by them. I will, by the way, send copies of the
article in question to anyone who requests it. Readers may then judge for
themselves whether any boundaries have been crossed."
Corley, who hosts the weekly "Off the Hook" show on New York City's WBAI radio
station, said that he had discussed the issue on the air and had received
universal support from his callers. Corley also told Newsbytes that, although
he prefers to be known by his nom de plume (taken from George Orwell's
1984), he understands that the press feels bound to use his actual name. He
said that, in the near future, he will "end the confusion by having my name
legally changed."
Bellcore personnel were unavailable for comment on any possible response to
Corley's letter.
_______________________________________________________________________________
Interview With Ice Man And Maniac                                 July 22, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Joshua Quittner (New York Newsday)(Page 83)
Ice Man and Maniac are two underground hackers in the New England area that
belong to a group known as Micro Pirates, Incorporated. They agreed to be
interviewed if their actual identities were not revealed.
[Editor's Note: They are fools for doing this, especially in light of how
Phiber Optik's public media statements and remarks will
ultimately be used against him.]
Q: How do you define computer hacking?
Maniac: Hacking is not exploration of computer systems. It's more of an
undermining of security. That's how I see it.
Q: How many people are in your group, Micro Pirates Incorporated?
Ice Man: Fifteen or 14.
Maniac: We stand for similar interests. It's an escape, you know. If I'm not
doing well in school, I sit down on the board and talk to some guy in
West Germany, trade new codes of their latest conquest. Escape.
Forget about the real world.
Ice Man: It's more of a hobby. Why do it? You can't exactly stop. I came
about a year-and-a-half ago, and I guess you could say I'm one of the
ones on a lower rung, like in knowledge. I do all the -- you wouldn't
call it dirty work -- phone calls. I called you -- that kind of
thing.
Q: You're a "social engineer"?
Ice Man: Social engineering -- I don't know who coined the term. It's using
conversation to exchange information under false pretenses. For
example, posing as a telecommunications employee to gain more
knowledge and insight into the different [phone network] systems.
Q: What social engineering have you done?
Maniac: We hacked into the system that keeps all the grades for the public
school system. It's the educational mainframe at Kingsborough
Community College. But we didn't change anything.
Ice Man: They have the mainframe that stores all the schedules, Regents scores,
ID numbers of all the students in the New York high school area. You
have to log in as a school, and the password changes every week.
Q: How did you get the password?
Ice Man: Brute force and social engineering. I was doing some social
engineering in school. I was playing the naive person with an
administrator, asking all these questions toward what is it, where is
it and how do you get in.
Q: I bet you looked at your grades. How did you do?
Ice Man: High 80s.
Q: And you could have changed Regents scores?
Ice Man: I probably wouldn't have gotten away with it, and I wouldn't say I
chose not to on a moral basis. I'd rather say on a security basis.
Q: What is another kind of social engineering?
Maniac: There's credit-card fraud and calling-card fraud. You call up and
say, "I'm from the AT&T Corporation. We're having trouble with your
calling-card account. Could you please reiterate to us your four-
digit PIN number?" People, being kind of God-fearing -- as AT&T is
somewhat a God -- will say, "Here's my four-digit PIN number."
Q: Hackers from another group, MOD, were arrested recently and charged with,
among other things, selling inside information about how to penetrate
credit bureaus. Have you cleaned up your act?
Maniac: We understand the dangers of it now. We're not as into it. We
understand what people go through when they find out a few thousand
dollars have been charged to their credit-card account.
Q: Have you hacked into credit bureaus?
Ice Man: We were going to look up your name.
Maniac: CBI [Credit Bureau International, owned by Equifax, one of the largest
national credit bureaus], is pretty insecure, to tell you the truth.
Q: Are you software pirates, too?
Maniac: Originally. Way back when.
Ice Man: And then we branched out and into the hacking area. Software piracy
is, in the computer underground, the biggest thing. There are groups
like THG and INC, which are international. THG is The Humble Guys.
INC is International Network of Crackers, and I've recently found out
that it's run by 14 and 15-year-olds. They have people who work in
companies, and they'll take the software and they'll crack it -- the
software protection -- and then distribute it.
Q: Are there many hacking groups in New York?
Maniac: Three or four. LOD [the Legion of Doom, named by hacker Lex Luthor],
MOD, MPI and MOB [Men of Business].
Q: How do your members communicate?
Ice Man: The communication of choice is definitely the modem [to access
underground electronic bulletin boards where members leave messages
for each other or "chat" in real time]. After that is the voice mail
box [VMB]. VMBs are for communications between groups.
A company, usually the same company that has beepers and pagers and
answering services, has a voice-mail-box service. You call up [after
hacking out an access code that gives the user the ability to create
new voice mail boxes on a system] and can enter in a VMB number.
Occasionally they have outdial capabilities that allow you to call
anywhere in the world. I call about five every day. It's not really
my thing.
Q: Is your group racially integrated?
Ice Man: Half of them are Asian. Also we have, I think, one Hispanic. I never
met him. Race, religion -- nobody cares. The only thing that would
alienate you in any way would be if you were known as a lamer. If you
just took, took, took and didn't contribute to the underground. It's
how good you are, how you're respected.
Maniac: We don't work on a racial basis or an ethnic basis. We work on a
business basis. This is an organized hobby. You do these things for
us and you get a little recognition for it.
Ice Man: Yeah. If you're a member of our group and you need a high-speed
modem, we'll give you one, on a loan basis.
Q: How does somebody join MPI?
Maniac: They have to contact either of us on the boards.
Ice Man: And I'll go through the whole thing [with them], validating them,
checking their references, asking them questions, so we know what
they're talking about. And if it's okay, then we let them in. We
have members in 516, 718, 212, 201, 408, and 908. We're talking to
someone in Florida, but he's not a member yet.
Q: Are any MPI members in other hacking groups?
Ice Man: I know of no member of MPI that is in any other group. I wouldn't
call it betrayal, but it's like being in two secret clubs at one time.
I would want them faithful to my group, not any other group. There is
something called merging, a combination of both groups that made them
bigger and better. A lot of piracy groups did that.
Q: Aren't you concerned about breaking the law?
Maniac: Breaking the law? I haven't gotten caught. If I do get caught, I
won't be stupid and say I was exploring -- I'm not exploring. I'm
visiting, basically. If you get caught, you got to serve your time.
I'm not going to fight it.
_______________________________________________________________________________
FBI Unit Helps Take A Byte Out Of Crime                           July 15, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Bill Gertz (The Washington Times)(Page A4)
FBI crime busters are targeting elusive computer criminals who travel the world
by keyboard, telephone and computer screen and use such code names as "Phiber
Optik," "Masters of Disaster," "Acid Phreak" and "Scorpion."
"Law enforcement across the board recognizes that this is a serious emerging
crime problem, and it's only going to continue to grow in the future," said
Charles L. Owens, chief of the FBI's economic crimes unit.
Last week in New York, federal authorities unsealed an indictment against five
computer hackers, ages 18 to 22, who were charged with stealing long-distance
phone service and credit bureau information and who penetrated a wide variety
of computer networks.
The FBI is focusing its investigations on major intrusions into banking and
government computers and when the objective is stealing money, Mr. Owens said
in an interview.
FBI investigations of computer crimes have doubled in the past year, he said,
adding that only about 11 percent to 15 percent of computer crimes are reported
to law enforcement agencies. Because of business or personal reasons, victims
often are reluctant to come forward, he said.
Currently, FBI agents are working on more than 120 cases, including at least
one involving a foreign intelligence agency. Mr. Owens said half of the active
cases involve hackers operating overseas, but he declined to elaborate.
The FBI has set up an eight-member unit in its Washington field office devoted
exclusively to solving computer crimes.
The special team, which includes computer scientists, electrical engineers and
experienced computer system operators, first handled the tip that led to the
indictment of the five hackers in New York, according to agent James C. Settle,
who directs the unit.
Computer criminals, often equipped with relatively unsophisticated Commodore 64
or Apple II computers, first crack into international telephone switching
networks to make free telephone calls anywhere in the world, Mr. Settle said.
Hackers then can spend up to 16 hours a day, seven days a week, breaking into
national and international computer networks such as the academic-oriented
Internet, the National Aeronautics and Space Administration's Span-Net and the
Pentagon's Milnet.
To prevent being detected, unauthorized computer users "loop and weave" through
computer networks at various locations in the process of getting information.
"A lot of it is clearly for curiosity, the challenge of breaking into systems,"
Mr. Settle said. "The problem is that they can take control of the system."
Also, said Mr. Owens, computer hackers who steal such information from
commercial data banks may turn to extortion as a way to make money.
Mr. Settle said there are also "indications" that computer criminals are
getting involved in industrial espionage.
The five hackers indicted in New York on conspiracy, computer-fraud, computer
tampering, and wire-fraud charges called themselves "MOD," for Masters of
Deception or Masters of Disaster.
The hackers were identified in court papers as Julio Fernandez, 18, John Lee,
21, Mark Abene, 20, Elias Ladopoulos, 22, and Paul Stira, 22. All live in the
New York City area.
Mr. Fernandez and Mr. Lee intercepted data communications from a computer
network operated by the Bank of America, court papers said.
They also penetrated a computer network of the Martin Marietta Electronics
Information and Missile Group, according to the court documents.
The hackers obtained personal information stored in credit bureau computers,
with the intention of altering it "to destroy people's lives or make them look
like saints," the indictment stated.
_______________________________________________________________________________
And Today's Password Is...                                         May 26, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~
By Robert Matthews (The Daily Telegraph)(page 26)
"Ways Of Keeping Out The Determined Hacker"
One of the late Nobel Prize-winning physicist Richard Feynman's favorite
stories was how he broke into top-secret atomic bomb files at Los Alamos by
guessing that the lock combination was 271828, the first six digits of the
mathematical constant "e". Apart from being amusing, Feynman's anecdote stands
as a warning to anyone who uses dates, names or common words for their computer
password.
As Professor Peter Denning, of George Mason University, Virginia, points out in
American Scientist, for all but the most trivial secrets, such passwords simply
aren't good enough. Passwords date back to 1960, and the advent of time-
sharing systems that allowed lots of users access to files stored on a central
computer. It was not long before the standard tricks for illicitly obtaining
passwords emerged: Using Feynman-style educated guessing, standing behind
computer users while they typed in their password or trying common system
passwords like "guest" or "root". The biggest security nightmare is, however,
the theft of the user-password file, which is used by the central computer to
check any password typed in.
By the mid-1970s, ways of tackling this had been developed. Using so-called
"one-way functions", each password was encrypted in a way that cannot be
unscrambled. The password file then contains only apparently meaningless
symbols, of no obvious use to the would-be hacker. But, as Denning warns, even
this can be beaten if passwords are chosen sloppily. Instead of trying to
unscramble the file, hackers can simply feed common names and dates -- or even
the entire English dictionary -- through the one-way function to see if the end
result matches anything on the scrambled password file. Far from being a
theoretical risk, this technique was used during the notorious Project
Equalizer case in 1987, when KGB-backed hackers in Hanover broke the passwords
of Unix-based computers in America.
Ultimately, the only way to solve the password problem is to free people of
their fear of forgetting more complex ones. The long-term solution, says
Denning, probably lies with the use of smart-card technology. One option is a
card which generates different passwords once a minute, using a formula based
on the time given by an internal clock. The user then logs on using this
password. Only if the computer confirms that the password corresponds to the
log-on time is the user allowed to continue. Another smart-card technique is
the "challenge-response" protocol. Users first log on to their computer under
their name, and are then "challenged" by a number appearing on the screen.
Keying this into their smart card, a "response number" is generated by a
formula unique to each smart card. If this number corresponds to the response
expected from a particular user's smart card, the computer allows access. A
number of companies are already marketing smart-card systems, although the
technology has yet to become popular.
In the meantime, Denning says that avoiding passwords based on English words
would boost security. He highlights one simple technique for producing non-
standard words that are nonetheless easy to remember: "Pass-phrases". For
this, one merely invents a nonsensical phrase like "Martin says Unix gives gold
forever", and uses the first letter of each word to generate the password:
MSUGGF. Such a password will defeat hackers, even if the password file is
stolen, as it does not appear in any dictionary. However, Denning is wary of
giving any guarantees. One day, he cautions, someone may draw up a
computerized dictionary of common phrases. "The method will probably be good
for a year or two, until someone who likes to compile these dictionaries starts
to attack it."
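An added example, not part of the Daily Telegraph article or of Phrack: the two
smart-card schemes described above, sketched from the verifying computer's
side. The article does not name the cards' formula; HMAC-SHA256 over a per-card
key, the 6-digit code, and the one-minute clock-drift allowance are assumptions
made here.

```python
import hashlib
import hmac
import secrets
import struct

STEP_SECONDS = 60  # the article's card produces a new password once a minute
DIGITS = 6         # assumed length of the number shown on the card


def card_formula(card_key: bytes, message: bytes) -> str:
    """Keyed one-way function standing in for the card's secret formula."""
    digest = hmac.new(card_key, message, hashlib.sha256).digest()
    number = struct.unpack(">I", digest[:4])[0] % (10 ** DIGITS)
    return f"{number:0{DIGITS}d}"


def time_code(card_key: bytes, unix_time: int) -> str:
    """Password the card displays during the minute containing unix_time."""
    step = unix_time // STEP_SECONDS
    return card_formula(card_key, b"time" + struct.pack(">Q", step))


def response_code(card_key: bytes, challenge: str) -> str:
    """Response number the card derives from a keyed-in challenge."""
    return card_formula(card_key, b"chal" + challenge.encode())


class LoginServer:
    """Verifier that holds a copy of each user's card key."""

    def __init__(self, card_keys, drift_steps=1):
        self.card_keys = dict(card_keys)
        self.drift_steps = drift_steps  # minutes of clock drift tolerated
        self.last_step = {}             # user -> newest time step accepted
        self.pending = {}               # user -> outstanding challenge

    def check_time_code(self, user: str, code: str, now: int) -> bool:
        key = self.card_keys.get(user)
        if key is None:
            return False
        current = now // STEP_SECONDS
        first = max(0, current - self.drift_steps)
        for step in range(first, current + self.drift_steps + 1):
            if step <= self.last_step.get(user, -1):
                continue  # this minute's code was already used: no replay
            expected = time_code(key, step * STEP_SECONDS)
            if hmac.compare_digest(expected, code):
                self.last_step[user] = step
                return True
        return False

    def issue_challenge(self, user: str) -> str:
        # A fresh random challenge per login, so an overheard response
        # is useless for the next attempt.
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self.pending[user] = challenge
        return challenge

    def check_response(self, user: str, response: str) -> bool:
        key = self.card_keys.get(user)
        challenge = self.pending.pop(user, None)  # each challenge is single-use
        if key is None or challenge is None:
            return False
        return hmac.compare_digest(response_code(key, challenge), response)


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed per-card key
    server = LoginServer({"alice": key})
    now = 1_000_000_020                    # constructed log-on time
    code = time_code(key, now)
    print("time code accepted:", server.check_time_code("alice", code, now))
    print("same code replayed:", server.check_time_code("alice", code, now))
    challenge = server.issue_challenge("alice")
    reply = response_code(key, challenge)
    print("response accepted: ", server.check_response("alice", reply))
    print("response replayed: ", server.check_response("alice", reply))
```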
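An added example, not from the article: keeping a password file built on a
one-way function resistant to the dictionary matching described above. The
unsalted SHA-256 entry, the PBKDF2 parameters, the sample wordlist, and the
10-character minimum are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor
MIN_LENGTH = 10       # assumed policy minimum

# Constructed sample wordlist; "guest" and "root" are the two system
# passwords the article names, the rest come from its example phrase.
WORDLIST = {"guest", "root", "password", "martin", "unix", "gold", "forever"}


def unsalted_entry(password: str) -> str:
    """Bare one-way function: the same password always gives the same entry."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_entry(password: str) -> str:
    """Per-user random salt plus an iterated one-way function."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + derived.hex()


def verify(password: str, entry: str) -> bool:
    """Recompute the salted entry for a log-on attempt and compare."""
    salt_hex, derived_hex = entry.split("$")
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(derived, bytes.fromhex(derived_hex))


def shared_entries(password_file: dict) -> list:
    """Groups of accounts whose stored entries are identical.

    With a bare one-way function, identical entries reveal identical
    passwords, and one pass of a dictionary through the function can be
    matched against every account in a stolen file at once.
    """
    by_entry = {}
    for user, entry in password_file.items():
        by_entry.setdefault(entry, []).append(user)
    return sorted(sorted(users) for users in by_entry.values() if len(users) > 1)


def reject_reason(candidate: str, user: str, min_length: int = MIN_LENGTH):
    """Check run when a password is set; returns None if it is acceptable."""
    lowered = candidate.lower()
    # Length first: six upper-case letters allow only 26**6 = 308,915,776
    # combinations, few enough to enumerate without any dictionary.
    if len(candidate) < min_length:
        return f"shorter than {min_length} characters"
    if lowered in WORDLIST or lowered.strip("0123456789") in WORDLIST:
        return "dictionary word"
    if user.lower() in lowered:
        return "contains account name"
    return None


if __name__ == "__main__":
    bare = {"ann": unsalted_entry("guest"), "bob": unsalted_entry("guest")}
    print("identical bare entries:  ", shared_entries(bare))
    salted = {"ann": salted_entry("guest"), "bob": salted_entry("guest")}
    print("identical salted entries:", shared_entries(salted))
    for candidate in ("guest", "MSUGGF", "Forever1992", "tpx-Qm4-wave-ridge"):
        print(candidate, "->", reject_reason(candidate, "ann"))
```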
_______________________________________________________________________________
Outgunned "Computer Cops" Track High-Tech Criminals                June 8, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Tony Rogers (Associated Press)
BOSTON -- The scam was simple. When a company ordered an airline ticket on its
credit card, a travel agent entered the card number into his computer and
ordered a few extra tickets.
The extra tickets added up and the unscrupulous agent sold them for thousands
of dollars.
But the thief eventually attracted attention and authorities called in Robert
McKenna, a prosecutor in the Suffolk County district attorney's office. He is
one of a growing, but still outgunned posse of investigators who track high-
tech villains.
After the thief put a ticket to Japan on a local plumbing company's account, he
was arrested by police McKenna had posing as temporary office workers. He was
convicted and sentenced to a year in prison.
But the sleuths who track high-tech lawbreakers say too many crimes can be
committed with a computer or a telephone, and too few detectives are trained to
stop them.
"What we've got is a nuclear explosion and we're running like hell to escape
the blast. But it's going to hit us," said Chuck Jones, who oversees high-tech
crime investigations at the California Department of Justice.
The problem is, investigators say, computers have made it easier to commit
crimes like bank fraud. Money transfers that once required signatures and
paperwork are now done by pressing a button.
But it takes time to train a high-tech enforcer.
"Few officers are adept in investigating this, and few prosecutors are adept
in prosecuting it," Jones said.
"You either have to take a cop and make him a computer expert, or take a
computer expert and make him a cop. I'm not sure what the right approach is."
In recent high-tech crimes:
- Volkswagen lost almost $260 million because of an insider computer scam
involving phony currency exchange transactions.
- A former insurance firm employee in Fort Worth, Texas, deleted more than
160,000 records from the company's computer.
- A bank employee sneaked in a computer order to Brinks to deliver 44
kilograms of gold to a remote site, collected it, then disappeared.
Still, computer cops have their successes.
The Secret Service broke up a scheme to make counterfeit automatic teller
machine cards that could have netted millions.
And Don Delaney, a computer detective for the New York State Police, nabbed
Jaime Liriano, who cracked a company's long-distance phone system.
Many company phone systems allow employees to call an 800 number, punch in a
personal identification number and then make long-distance calls at company
expense.
Some computer hackers use automatic speed dialers -- known as "demon dialers"
-- to dial 800 numbers repeatedly and try different four-digit numbers until
they crack the ID codes. Hackers using this method stole $12 million in phone
service from NASA.
Liriano did it manually, calling the 800 number of Data Products in
Wallingford, Connecticut, from his New York City apartment. He cracked the
company's code in two weeks.
Liriano started selling the long distance service -- $10 for a 20-minute call
anywhere -- and customers lined up inside his apartment.
But Delaney traced the calls and on March 10, he and his troopers waited
outside Liriano's apartment. On a signal from New York Telephone, which was
monitoring Liriano's line, the troopers busted in and caught him in the act.
Liriano pleaded guilty to a misdemeanor of theft of services, and was
sentenced to three years' probation and community service.
Data Products lost at least $35,000. "And we don't know what he made,"
Delaney said of Liriano.
_______________________________________________________________________________
Who Pays For Calls By Hackers? June 12, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Kent Gibbons (The Washington Times)(Page C1)
ICF International Inc. doesn't want to pay $82,000 for unauthorized calls by
hackers who tapped the company's switchboard.
AT&T says the Fairfax engineering firm owns the phone system and is responsible
for the calls, mostly to Pakistan.
Now their dispute and others like it are in Congress' lap. A House
subcommittee chairman believes a law is needed to cap the amount a company can
be forced to pay for fraudulent calls, the same way credit card users are
protected.
Edward Markey, the Massachusetts Democrat who held hearings on the subject,
said long-distance carriers and local telephone companies should absorb much of
those charges.
Victims who testified said they didn't know about the illegal calls until the
phone companies told them, sometimes weeks after strange calling patterns
began. But since the calls went through privately owned switchboards before
entering the public telephone network, FCC rules hold the switchboard owners
liable.
"This is one of the ongoing dilemmas caused by the breakup of AT&T," Mr. Markey
said. Before the 1984 Bell system breakup, every stage of a call passed
through the American Telephone & Telegraph Co. network and AT&T was liable for
fraudulent calls.
Estimates of how much companies lose from this growing form of telephone fraud
range from $300 million to more than $2 billion per year.
The range is so vast because switchboard makers and victims often don't report
losses to avoid embarrassment or further fraud, said James Spurlock of the
Federal Communications Commission.
Long-distance carriers say they have stepped up their monitoring of customer
calls to spot unusual patterns such as repeated calls to other countries in a
short period. In April, Sprint Corp. added other protective measures,
including, for a $100 installation charge and $100 monthly fee, a fraud
liability cap of $25,000 per incident.
AT&T announced a similar plan last month.
Robert Fox, Sprint assistant vice president of security, said the new plans cut
the average fraud claim from more than $20,000 in the past to about $2,000
during the first five months of this year.
But the Sprint and AT&T plans don't go far enough, Mr. Markey said.
ICF's troubles started in March 1988. At the time, the portion of ICF that was
hit by the fraud was an independent software firm in Rockville called Chartways
Technologies Inc. ICF bought Chartways in April 1991.
As with most cases of fraud afflicting companies with private phone systems,
high-tech bandits broke into the Chartways switchboard using a toll-free number
set up for the company's customers.
Probably aided by a computer that randomly dials phone numbers, the hackers
got through security codes to obtain a dial tone to make outside calls.
The hackers used a fairly common feature some companies offer out-of-town
employees to save on long-distance calls. Ironically, Chartways never used the
feature because it was too complicated, said Walter Messick, ICF's manager of
contract administration.
On March 31, AT&T officials told Chartways that 757 calls were made to Pakistan
recently, costing $42,935.
The phone bill arrived later that day and showed that the Pakistan calls had
begun 11 days before, Mr. Messick said.
Because of the Easter holiday and monitoring of calls by Secret Service agents,
ICF's outside-calling feature was not disconnected until April 4. By then, ICF
had racked up nearly $82,000 in unauthorized calls.
A year ago, the FCC's Common Carrier Bureau turned down ICF's request to erase
the charges. The full commission will hear an appeal this fall.
_______________________________________________________________________________
Dutch Hackers Feel Data Security Law Will Breed Computer Crime July 7, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Oscar Kneppers (ComputerWorld Netherland)
HAARLEM, the Netherlands -- Dutch hackers will be seriously reprimanded for
breaking and entering computer systems, if a new law on computer crime is
passed in the Netherlands.
Discussed recently in Dutch parliament and under preparation for more than two
years, the proposed law calls hacking "a crime against property." It is
expected to be made official next spring at the earliest and will consist of
the following three parts:
- The maximum penalty for hackers who log on to a secured computer system
would be six months' imprisonment.
- If they alter data in the system, they could spend up to four years in
prison.
- Those who illegally access a computer system that serves a "common use" --
like that in a hospital or like a municipal population database -- could soon
risk a prison sentence of six years.
This pending law does not differentiate between computer crimes committed
internally or externally from an office. For example, cracking the password of
a colleague could lead to prosecution.
Hackers believe this law will only provoke computer crime, because the hackers
themselves will no longer offer "cheap warnings" to a computer system with poor
security.
Rop Gonggrijp, who is sometimes called the King of Hacking Holland, and is
currently editor-in-chief of Dutch computer hacker magazine "Hack-tic", warns
that this law could produce unexpected and unwanted results.
"Students who now just look around in systems not knowing that it [this
activity] is illegal could then suddenly end up in jail," he said. Gonggrijp
equates hacking to a big party, where you walk in uninvited.
Gonggrijp is concerned about the repercussions the new law may have on existing
hackers. He said he thinks the current relationship between computer hackers
and systems managers in companies is favorable. "[Hackers] break into, for
example, an E-mail system to tell the systems manager that he has to do
something about the security. If this law is introduced, they will be more
careful with that [move]. The cheap warning for failures in the system will,
therefore, no longer take place, and you increase chances for so-called real
criminals with dubious intentions," he added.
According to a spokesman at the Ministry of Justice in The Hague, the law gives
the Dutch police and justice system a legal hold on hackers that they currently
lack.
"Computer criminals [now] have to be prosecuted via subtle legal tricks and
roundabout routes. A lot of legal creativity was [previously] needed. But
when this law is introduced, arresting the hackers will be much easier," he
said.
The Dutch intelligence agency Centrale Recherche Informatiedienst (CRI) in The
Hague agreed with this. Ernst Moeskes, CRI spokesman, said, "It's good to see
that we can handle computer crime in a directed way now."
_______________________________________________________________________________
PWN Quicknotes
~~~~~~~~~~~~~~
1. Printer Avoids Jail In Anti-Hacking Trial (By Melvyn Howe, Press
Association Newsfile, June 9, 1992) -- A printer avoided a jail sentence
in Britain's first trial under anti-hacking legislation. Freelance
typesetter Richard Goulden helped put his employers out of business with a
pirate computer program -- because he said they owed him L2,275 in back
pay. Goulden, 35, of Colham Avenue, Yiewsley, west London, was
conditionally discharged for two years after changing his plea to guilty on
the second day of the Southwark Crown Court hearing. He was ordered to pay
L1,200 prosecution costs and L1,250 compensation to the company's
liquidators. Goulden had originally denied the charge of unauthorized
modification of computer material under the 1990 Computer Misuse Act.
After his change of plea Judge John Hunter told him: "I think it was plain
at a very early stage of these proceedings that you had no defence to this
allegation." Mr. Warwick McKinnon, prosecuting, told the jury Goulden added
a program to a computer belonging to Ampersand Typesetters, of Camden,
north-west London, in June last year which prevented the retrieval of
information without a special password. Three months later the company
"folded". Mr Jonathan Seitler, defending, said Goulden had changed his
plea after realizing he had inadvertently broken the law.
_______________________________________________________________________________
2. ICL & GM Hughes In Joint Venture To Combat Computer Hackers (Extel Examiner,
June 15, 1992) -- General Motors Corporation unit, Hughes STX, and ICL have
set up a joint venture operation offering ways of combating computer
hackers. Hughes STX is part of GM's GM Hughes Electronics Corporation
subsidiary. ICL is 80% owned by Fujitsu. Industry sources say the venture
could reach $100 million in annual sales within four years.
_______________________________________________________________________________
3. Another Cornell Indictment (Ithaca Journal, June 17, 1992) -- Mark Pilgrim,
David Blumenthal, and Randall Swanson -- all Cornell students -- have each
been charged with 4 felony counts of first-degree computer tampering, 1
count of second-degree computer tampering, and 7 counts of second-degree
attempted computer tampering in connection with the release of the MBDF
virus to the Internet and to various BBSs.
David Blumenthal has also been charged with two counts of second-degree
forgery and two counts of first-degree falsifying business records in
connection with unauthorized account creation on Cornell's VAX5 system. He
was also charged with a further count of second-degree computer tampering
in connection with an incident that occurred in December of 1991.
_______________________________________________________________________________
4. Computer Watchdogs Lead Troopers To Hacker (PR Newswire, July 17, 1992) --
Olympia, Washington -- State Patrol detectives served a search warrant at an
East Olympia residence Thursday evening, July 16, and confiscated a personal
computer system, programs and records, the Washington State Patrol said.
The resident, who was not on the premises when the warrant was served, is
suspected of attempts to break into computer files at the Department of
Licensing and the State Insurance Commissioner's office.
The "hacker's" attempts triggered computerized security devices which
alerted officials someone was attempting to gain access using a telephone
modem. Patrol detectives and computer staff monitored the suspect's
repeated attempts for several weeks prior to service of the warrant.
Placement of a telephone call by a non-recognized computer was all that was
required to trigger the security alert. The internal security system then
stored all attempted input by the unauthorized user for later retrieval and
use by law enforcement. Integrity of the state systems was not breached.
The investigation is continuing to determine if several acquaintances may be
linked to the break in. Charges are expected to be filed as early as next
week in the case.
CONTACT: Sgt. Ron Knapp of the Washington State Patrol, (206)459-6413
_______________________________________________________________________________
5. UPI reports that the 313 NPA will split to a new 810 NPA effective
August 10, 1994.
Oakland, Macomb, Genesee, Lapeer, St. Clair and Sanilac counties as well as
small sections of Saginaw, Shiawassee and Livingston counties will go into
810. Wayne, Washtenaw, Monroe, and small parts of Jackson and Lenawee
counties will remain in 313. The city of Detroit is in Wayne County and
won't change.
_______________________________________________________________________________